-
PHP Files ≈ Packet Storm
Jan 15, 2021 | 15:59 pm
PHP-Fusion version 9.03.90 suffers from a cross site request forgery vulnerability.
-
Jan 12, 2021 | 17:32 pm
WordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload handler neither requires authentication nor validates the uploaded content. It may return an error when attempting to parse[…]
-
Jan 8, 2021 | 16:28 pm
This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
-
Jan 8, 2021 | 16:18 pm
Whitepaper called Practical PHP Security.
-
Jan 8, 2021 | 15:49 pm
WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote[…]
-
Dec 31, 2020 | 16:07 pm
qdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.
-
Dec 24, 2020 | 18:17 pm
Gentoo Linux Security Advisory 202012-16 - Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. Versions less than 8.0.0 are affected.
-
Dec 23, 2020 | 18:08 pm
This Metasploit module exploits an unauthenticated command execution vulnerability in TerraMaster TOS version 4.2.06 leveraging include/makecvs.php.
-
Dec 18, 2020 | 19:58 pm
This Metasploit module affects WordPress Yet Another Stars Rating plugin versions prior to 1.8.7 and demonstrates a PHP object injection vulnerability.
-
Dec 11, 2020 | 22:16 pm
Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a persistent cross site scripting vulnerability.
-
Dec 8, 2020 | 17:52 pm
Student Management System PHP version 1.0 suffers from a persistent cross site scripting vulnerability.
-
Dec 8, 2020 | 17:48 pm
Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
-
Dec 2, 2020 | 18:54 pm
Online Voting System Project in PHP suffers from a persistent cross site scripting vulnerability.
-
Dec 1, 2020 | 17:36 pm
Red Hat Security Advisory 2020-5275-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, null pointer, and out of bounds read vulnerabilities.
-
Nov 30, 2020 | 10:22 am
Online Job Portal in PHP/PDO version 1.0 suffers from a remote SQL injection vulnerability.
-
Nov 25, 2020 | 17:40 pm
This Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "json_encode_safe()" is not used in config/databasebackend.inc. Successful exploitation[…]
-
Nov 25, 2020 | 17:37 pm
This Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allows remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename function does not conform to the file extension restrictions, thus[…]
-
Nov 17, 2020 | 16:24 pm
Online Doctor Appointment Booking System PHP and MySQL version 1.0 suffers from a remote SQL injection vulnerability.
-
Nov 13, 2020 | 16:51 pm
This Metasploit module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta in order to execute arbitrary commands. The module first attempts to authenticate to HorizontCMS. It then tries to upload a malicious PHP file via an HTTP POST request[…]
-
Nov 10, 2020 | 16:04 pm
The WordPress File Manager (wp-file-manager) plugin versions 6.0 through 6.8 allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to[…]
-
Oct 28, 2020 | 17:33 pm
Nagios XI version 5.7.3 mibs.php remote command injection exploit.
-
Oct 27, 2020 | 15:12 pm
Ubuntu Security Notice 4583-2 - USN-4583-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.10. It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or[…]
-
Oct 21, 2020 | 23:38 pm
Ubuntu Security Notice 4586-1 - It was discovered that PHP ImageMagick extension didn't check the address used by an array. An attacker could use this issue to cause PHP ImageMagick to crash, resulting in a denial of service.
-
Oct 20, 2020 | 22:12 pm
Visitor Management System in PHP version 1.0 suffers from an authenticated remote SQL injection vulnerability.
-
Oct 19, 2020 | 18:03 pm
ReQuest Serious Play F3 Media Server version 7.0.3 suffers from an unauthenticated remote code execution vulnerability. Abusing the hidden ReQuest Internal Utilities page (/tools) from the services provided, an attacker can exploit the Quick File Uploader (/tools/upload.html) page and upload[…]